8.4. Mail module#
Deployment — Kubernetes & UCS appliance
The Mail management module appears in both deployments. However, administrators mostly use it in the context of the UCS appliance with its mail stack capabilities.
Nubus offers the Mail management module to manage the following aspects around email:
You find the Mail management module in the Domain category in the Management UI.
This section describes aspects around the various mail objects and provides a reference for managing them through the Management UI.
Packaged service — only available for UCS appliance
A packaged service using information from the Mail management module is only available for the UCS appliance. You can manage the information in the Kubernetes deployment, as well. The UCS appliances uses Postfix for the SMTP server and Dovecot for the IMAP server.
8.4.1. Management of mail domains#
A mail domain is a common namespace for email addresses, mailing lists, and IMAP group folders. Postfix differentiates between the delivery of emails between local and external domains. The Postfix configuration in the UCS appliance only delivers emails to mailboxes defined in the directory service for email addresses from local domains.
Nubus can manage several mail domains. The managed mail domains don’t need to be the DNS domains of the server—you can choose them as you need them. To add a mail domain to Nubus, use the following steps:
Click Add in the Mail management module, select the type Mail domain, pick a container for the location, and click Next.
Type the name for the mail domain. Ensure that the mail domain only contains the following characters:
Lowercase letters:
a-zDigits:
0-9Periods:
.Hyphens:
-
To save the mail domain, click Create Mail object.
To ensure that external senders can also send emails to members of the mail domain, you need to create MX records in the configuration of the authoritative name servers that designate the UCS appliance system as mail server for the mail domain. You usually make those changes in the DNS configuration of your internet provider or assign the internet provider to properly configure the DNS records.
Packaged service — only available for UCS appliance
The UCS appliance automatically stores the mail domains registered on a mail server
in the mail/hosteddomains UCR variable.
8.4.2. Assignment of email addresses to users#
In Nubus, you can assign various types of email addresses to user objects that represent a user. When you assign email addresses, ensure that they match the following constraints:
They can consist of the following characters:
Lowercase letters:
a-zDigits:
0-9Periods:
.Hyphens:
-Underscores:
_.
The address has to begin with a letter and must include the character
@.
To assign email addresses to user objects, use the Users management module. You find the settings on the following tabs:
- Primary email address:
- Alternative email addresses:
.
- Forward email addresses:
.
Important
You must register at least one mail domain to assign email addresses. For more information, see Management of mail domains.
- Primary email address
Primary email addresses are always unique. You can only configure one primary email address per user object. It also defines the user’s IMAP mailbox.
You must ensure to register the domain part of the email address as mail domain in the Mail management module.
Packaged service — only available for UCS appliance
The Postfix SMTP server and the Dovecot IMAP server in the UCS appliance use the primary email address for authentication. If you assign a mail home server to a user object a Univention Directory Listener module automatically creates the IMAP inbox. For information about the mail home server, see Distribution of an installation on several mail servers.
- Alternative email addresses
The email stack on the UCS appliances also delivers emails to alternative email addresses to the user’s mailbox. You can add multiple alternative email addresses to a user object. The alternative email addresses don’t have to be unique—if two users have the same email address, they both receive all the emails sent to the alternative email address.
You must ensure to register the domain part of the email address as mail domain in the Mail management module.
Packaged service — only available for UCS appliance
When you set the
directory/manager/mail-address/uniquenessUCR variable totruethe Alternative email addresses must be unique across the domain. No other user can have the same alternative address assigned. You need to set the UCR variable on all UCS appliance nodes.
- Forward email addresses
If the user object hast the forward email addresses configured, Postfix forwards received emails through the primary or alternative email addresses to them. Forward email addresses don’t have to be unique. Their domain part doesn’t need registration.
Optionally, the user receives a copy of the messages in their mailbox. To configure the copy of messages, select the user object in the Users management module and navigate to . For information, see Advanced settings tab - Users management.
After you configured the user account properly,
the user can authenticate to the mail stack through IMAP, POP3, and SMTP.
If the user changes their password, or you deactivate the user account,
the sign-in to the mail stack is still possible for 5 minutes,
because of the authentication cache for the mail stack.
Packaged service — only available for UCS appliance
To invalidate the authentication cache, run the command in Listing 8.2 on the mail server. You can configure the expiration time of the authentication cache on the mail server with the following UCR variables:
$ doveadm auth cache flush
8.4.3. Management of mailing lists#
Nubus allows to manage mailing lists for email exchange in private or closed groups. Each mailing list has its own email address. If a sender sends an email to the mailing list, all members of the mailing list receive the sender’s email.
To add a mailing list to Nubus, open the Mail management module and use the following steps:
Click Add in the Mail management module, select the type Mailing list, pick a container for the location, and click Next.
Fill out the form by providing the attributes described in General tab - Mailing list management and Advanced tab - Mailing list management.
Fig. 8.3 shows an example for creating a mailing list.
To create the mailing list, click Create mail object. After Nubus created the mailing list, it’s immediately available for use.
Fig. 8.3 Creating a mailing list#
8.4.3.1. General tab - Mailing list management#
- Name
A name for the mailing list.
- Description
An optional description for the mailing list.
- Mail address
The email address for the mailing list. You must ensure to register the domain part of the email address as mail domain in the Mail management module.
- Members
The email addresses for the members of the mailing list. You can add as many email address as necessary. In contrast to mail groups you can add external email addresses.
8.4.3.2. Advanced tab - Mailing list management#
By default, every person can send emails to the mailing list. To prevent misuse, you can restrict the circle of people who can send mails.
Packaged service — only available for UCS appliance
To restrict the allowed senders, use the following steps:
To enable the sender restriction, set the
mail/postfix/policy/listfilterUCR variable on the mail server to the valueyesand restart the Postfix SMTP server.To configure the allowed senders, navigate to Advanced settings tab and either configure authorized users or authorized user groups. If you define one of the fields, only authorized users or authorized user groups can send emails to the mailing list.
8.4.4. Management of mail groups#
Nubus allows the management of mail groups. A mail group is a user group that has an email address assigned. The Postfix mail server delivers emails to a mail group to the primary email address of each user group member.
To add an email address to a user group and therefore define it as mail group, use the following steps:
Open the Group management module and select the user group.
Navigate to .
Define an email address in the mail address field. You must ensure to register the domain part of the email address as mail domain in the Mail management module.
By default, every person can send emails to the mail group. To prevent misuse, you can restrict the circle of people who can send mails.
Packaged service — only available for UCS appliance
To restrict the allowed senders, use the following steps:
To enable the sender restriction, set the
mail/postfix/policy/listfilterUCR variable on the mail server to the valueyesand restart the Postfix SMTP server.To configure the allowed senders, navigate to in the user group and either configure authorized users or authorized user groups. If you define one of the fields, only authorized users or authorized user groups can send emails to the mailing list.
8.4.5. Management of shared IMAP folders#
Nubus offers the management of shared IMAP folders. Shared email access is the basis for cooperation in many work groups. In Nubus, users can create folders in their own mailboxes and assign permissions so that other users may read emails in these folders or add emails.
Alternatively, you can share individual IMAP folders for users or user groups. This type of folder has the name shared IMAP folder.
To add shared IMAP folder, open the Mail management module and use the following steps:
Click Add in the Mail management module, select the type Shared IMAP Folder, pick a container for the location, and click Next.
Fill out the form by providing the attributes in the following sections General tab - Shared IMAP folder and Access rights tab - Shared IMAP folder.
Fig. 8.4 shows an example for creating a shared IMAP folder.
To create the shared IMAP folder, click Create Mail object.
Important
You can’t rename shared IMAP folders,
therefore Nubus doesn’t take the
mail/dovecot/mailbox/rename UCR variable into account.
If you delete a shared IMAP folder in the Mail management module,
the UCS appliance only deletes it from the hard disk,
if mail/dovecot/mailbox/delete
has the value yes.
The default value is no.
Fig. 8.4 Creating a shared IMAP folder#